CVE-2011-0926

A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.

Published: Feb 25, 2011
Updated: Apr 13, 2023
CVE: CVE-2011-0926
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cisco / secure_desktop	-	-

http://securityreason.com/securityalert/8105
http://www.securityfocus.com/archive/1/516647/100/0/threaded
http://www.securityfocus.com/bid/46536
http://www.securitytracker.com/id?1025118
http://www.vupen.com/english/advisories/2011/0513
http://www.zerodayinitiative.com/advisories/ZDI-11-091/
https://exchange.xforce.ibmcloud.com/vulnerabilities/65755

Vulnerability Database

289,697

CVE-2011-0926